Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/stianst/demo-kubernetes
https://github.com/stianst/demo-kubernetes
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/stianst/demo-kubernetes
- Owner: stianst
- Archived: true
- Created: 2018-06-26T18:24:50.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2018-06-27T20:07:25.000Z (about 6 years ago)
- Last Synced: 2024-02-10T10:11:36.972Z (5 months ago)
- Language: JavaScript
- Size: 9.77 KB
- Stars: 56
- Watchers: 8
- Forks: 36
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Lists
- awesome-keycloak - Example for Securing Apps with Keycloak on Kubernetes
README
# Keycloak Kubernetes Demo
This demo assumes you have minikube installed with the ingress addon enabled.
## Setup URLs
The following URLs uses nip.io to prevent having to modify `/etc/hosts`.
export MINIKUBE_IP=`minikube ip`
export KEYCLOAK_HOST=keycloak.$MINIKUBE_IP.nip.io
export BACKEND_HOST=backend.$MINIKUBE_IP.nip.io
export FRONTEND_HOST=frontend.$MINIKUBE_IP.nip.io## Keycloak
kubectl create -f keycloak/keycloak.yaml
cat keycloak/keycloak-ingress.yaml | sed "s/KEYCLOAK_HOST/$KEYCLOAK_HOST/" \
| kubectl create -f -echo https://$KEYCLOAK_HOST
The Keycloak admin console should now be opened in your browser. Ignore the warning caused by the self-signed certificate. Login with admin/admin. Create a new realm and import `keycloak/realm.json`.
The client config for the frontend allows any redirect-uri and web-origin. This is to simplify configuration for the demo. For a production system always use the real URL of the application for the redirect-uri and web-origin.
## Backend
eval `minikube docker-env`
docker build -t kube-demo-backend backendcat backend/backend.yaml | sed "s/KEYCLOAK_HOST/$KEYCLOAK_HOST/" | \
kubectl create -f -cat backend/backend-ingress.yaml | sed "s/BACKEND_HOST/$BACKEND_HOST/" | \
kubectl create -f -echo https://$BACKEND_HOST/public
## Frontend
eval `minikube docker-env`
docker build -t kube-demo-frontend frontendcat frontend/frontend.yaml | sed "s/KEYCLOAK_HOST/$KEYCLOAK_HOST/" | \
sed "s/BACKEND_HOST/$BACKEND_HOST/" | \
kubectl create -f -cat frontend/frontend-ingress.yaml | sed "s/FRONTEND_HOST/$FRONTEND_HOST/" | \
kubectl create -f -echo https://$FRONTEND_HOST
The frontend application should now be opened in your browser. Login with stian/pass. You should be able to invoke public and invoke secured, but not invoke admin. To be able to invoke admin go back to the Keycloak admin console and add the `admin` role to the user `stian`.